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This  paper  considers  measures  that  shouid  be  taken  by  the  United  States  government  to 
impiement  poiicies  for  a  standardized  personai  identificatien  system  that  inciudes  the  use 
of  chip  technoiogy  and  biometrics  tc  pcsitiveiy  identify  the  bearer.  The  paper  censiders  and 
expands  upon  the  foiiowing  discussion  points: 

-Terrorism  has  changed  significantiy  in  recent  years,  requiring  different  tactics, 
techniques  and  procedures  to  meet  this  asymmetric  threat. 

-Terrerist  groups  have  expanded  giebaiiy,  and  greups  eperate  around  the  worid 
without  regard  te  borders  er  nationai  boundaries.  This  has  made  it  more  difficuit  to  track 
and  apprehend  terrorists. 

-There  has  been  an  increase  in  the  practice  of  identity  theft  by  terrorist  organizations 
as  a  technique  to  infiitrate  agents  and  operatives  into  the  United  States. 

-  Biometric  technology  offers  a  significantly  Improved  method  for  positively  Identifying 
travelers  entering  the  United  States. 

The  paper  recommends  the  following: 

-  -That  the  United  States  adept  a  standard  for  a  biometric  identification  card  which  is 
required  fer  international  travel.  Include  Iris  scanning  and  smart  card  technelogy  te  make 


use  of  embedded  chip  data  storage,  encryption  and  biometrics  to  positively  identify  the 
bearer. 

-That  automation  architects  develop  a  single,  shared  International  database  of 
terrorist  suspects,  violent  dissidents,  and  criminals,  which  Is  accessible  by  world-wide 
agencies. 
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AN  ARGUMENT  FOR  THE  USE  OF  BIOMETRICS  TO  PREVENT  TERRORIST 
ACCESS  TO  THE  UNITED  STATES 

For  many  years,  the  United  States  has  been  a  target  for  terrorism.  In  most 
cases,  this  has  been  based  on  ideoiogicai  factors  invoiving  race  or  reiigion,  and 
countiess  exampies  can  be  traced  back  to  our  ciose  poiiticai,  sociai  and  economic 
reiations  with  the  nation  of  Israei.  Other  groups  have  targeted  us  due  to  our  giobai 
infiuence  as  “the  iast  superpower,”  whiie  some  see  our  giobaiiy  depioyed  forces  as 
occupationai  armies  or  a  western  campaign  of  giobai  expansion,  and  there  are  others 
who  seek  the  pubiicity  and  recognition  to  boost  an  otherwise  unremarkabie  cause. 
There  are  as  many  motives  as  there  are  spiinter  groups. 

HISTORY  AND  THE  CHANGING  THREAT  TO  U.S.  PERSONNEL 

In  recent  years,  terrorism  has  shifted  from  a  government-based,  state  sponsored 
campaign  to  one  of  muitinationai  terrorist  networks  carrying  out  terrorist  events 


independently.  State-sponsored  terrorism  emerged  in  the  1980s,  most  notably  with 
the  taking  of  the  U.S.  Embassy  in  Teheran.'  By  channeling  the  energy,  focus  and 
finances  of  a  national  power,  Iran  was  able  to  use  terrorism  as  a  political  tool.  The 
practice  has  also  been  adopted  in  Palestine  in  attacks  against  Israel.  More  recently, 
Saadam  Hussein  threatened  the  U.S.  with  terrorist  acts  on  U.S.  soil  in  retaliation  to 
the  pending  invasion  just  prior  to  the  onset  of  the  Gulf  War.  These  threats  posed  a 
dangerous  escalation  in  the  use  of  terrorism,  and  the  very  real  threat  of  bringing 
terrorism  to  the  shores  of  the  United  States.  Also,  the  fact  that  a  recognized  leader  of 
a  country  openly  threatened  to  use  terrorism  brought  this  tactic  from  the  fringe 
extremist  group  to  the  national  level.  In  the  eyes  of  many  Middle  Eastern  countries, 
this  provided  a  new  mindset  of  legitimacy  for  terrorism  as  a  viable  alternative  through 
government  sponsorship  and  funding.  However,  it  also  clearly  identified  who  the 
enemy  was.  State  sponsored  terrorist  states  such  as  the  Taliban  in  Afghanistan  and 
Saadam  Hussein  in  Iraq  have  been  forcibly  removed  from  power  in  response  to  their 
terrorist  stance  and  threat  to  other  nations.  Increasing  pressure  has  also  been 
applied  to  other  radical 

states  such  as  Syria  and  Iran  to  control  militant  and  terrorist  extremist  groups  within 
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their  countries  or  face  political,  economic  or  military  force  to  compel  them  to  do  so. 

With  the  increasing  span  of  control  and  influence  of  large  terrorist  organizations 
in  recent  years,  these  groups  now  operate  independent  of  national  borders.  In  recent 
years,  the  world  has  seen  increased  cooperation,  funding  and  sophistication  of  terrorist 
groups.  While  many  have  retained  their  differing  motives  and  desired  outcomes,  they 
have  often  jelled  into  a  loose  coalition  with  a  broad  common  goal.  These  groups  often 
join  together  for  a  common  purpose,  but  retain  their  unique  denominational  beliefs  and 
doctrine.  They  are  increasingly  more  willing  to  put  these  aside  in  to  achieve  the 
common  purpose  of  the  larger  movement.  The  old  saying  that  “the  enemy  of  my 
enemy  is  my  friend,”  comes  to  mind.  Largely  due  to  the  influences  of  Isama  Bin  Laden 


and  Al-Qaeda,  terrorist  and  radical  religious  organizations  throughout  the  world  are 
increasingly  coming  together  in  a  similar  manner  with  the  United  States  as  a  common 
enemy.  This  is  illustrated  in  quotes  from  a  recently  captured  Al-Qaeda  training 
manual; 


We  cannot  resist  this  state  of  ignorance  unless  we  unite  our  ranks  and  adhere  to 
our  religion.  Without  that,  the  establishment  of  religion  would  be  a  dream  or 
illusion  that  is  impossible  to  achieve.  Sheik  Ibn  Taimia  said,  “The  interests  of  all 
Adam's  children  would  not  be  realized  in  the  present  life,  nor  in  the  next,  except 
through  assembly,  cooperation,  and  mutual  assistance  in  overcoming  their 
adversities.” 

The  confrontation  that  we  are  calling  for  with  the  apostate  regimes  does  not  know 
Socratic  debates,  platonic  ideals  nor  Aristotelian  diplomacy.  But  it  knows  the 
dialogue  of  bullets,  the  ideals  of  assassination,  bombing,  and  destruction,  and 
the  diplomacy  of  the  cannon  and  machine-gun. 


-Al  Qaeda  Training  Manual,  Dec  2001^ 


This  mutual  cooperation  increases  the  complexity  associated  with  tracking,  targeting 
and  gathering  intelligence  on  terrorist  groups,  and  the  members  are  now  collaborating 
through  increasingly  capable  communication  and  data  networks  from  greatly  dispersed 
locations.  This  allows  many  terrorist  individuals  to  work  remotely  as  members  of  a 
collective  terrorist  group  without  regard  to  geography,  facilities,  or  support 
infrastructure.  The  unification  of  these  groups  poses  unique  challenges  to  our 
intelligence,  law  enforcement  and  anti-terro0st  governmental  activities.  The  identity  of 
specific  groups  have  become  more  difficult  to  identify;  the  increased  sharing  of 
resources,  ranging  from  intelligence  to  explosives  have  become  more  difficult  to  trace; 
and  the  spider  web  of  covert  support  often  exists  across  national  boundaries,  making  it 
more  difficult  to  assess  guilt  or  complicity. 


SCQPE  QF  THE  PRQBLEM 


While  the  use  of  technology  has  allowed  more  dispersed  collaboration 
among  terrorist  groups,  the  physical  threat  to  individuals  or  property  requires  the 
presence  of  terrorists  or  destructive  material  at  an  established  target  location.  A 
common  characteristic  of  terrorist  attacks  is  that  the  perpetrator  must  have  been 
physically  present  at  some  point  to  prepare  for  or  carry  out  the  attack.  By  introducing 
improved  identity  verification  controls  prior  to  granting  foreign  travelers  access  to  the 
United  States,  we  can  significantly  reduce  the  arrival  of  potential  terrorists  into  the 
United  States  and  allow  officials  to  detain,  apprehend  or  deny  entry  to  terrorist 
suspects.  This  would  be  no  small  endeavor.  Each  year,  more  than  half  a  trillion 
people  enter  the  United  States,  two  thirds  of  whom  are  aliens.®  The  challenge  is  that 
of  sifting  through  billions  of  individual  identities  in  order  to  identify  a  very  small  fraction 
of  suspected  individuals.  The  sheer  volume  of  data  is  staggering,  and  impossible  to 
manage  without  significant  dedicated  automation  resources.  A  system  that  is  able  to 
produce  a  verifiable  digital  identity  is  key  to  this  process.  An  effective  system  must 
meet  three  important  conditions; 

-Accurate.  It  must  be  able  to  accurately  identify  individuals  to  an 
extremely  high  degree  of  accuracy. 

-Efficient.  Speed  and  operating  system  redundancy  are  critical  to  a 
robust  and  reliable  system. 

-Accepted.  All  agencies,  organizations  and  individuals  must  agree  to  a 
common  architecture,  set  of  standards,  and  common  devices  in  order  to  implement  on 
a  large  scale. 

RISE  IN  IDENTITY  THEFT  AS  A  MEANS  TO  INFILTRATE 

Being  able  to  identify  individual  terrorist  suspects  is  one  of  the  most  significant 
and  concrete  measures  that  can  be  taken  in  combating  terrorism.  A  key  component 
of  the  successful  terrorist  event  has  been  the  ability  of  the  perpetrator  to  breach  the 
perimeter  in  order  to  carry  out  the  terrorist  attack.  While  this  may  be  a  physical 
perimeter  consisting  of  a  fence  or  barrier,  the  same  applies  to  national  boundaries. 


border  checkpoints,  or  other  access  control  measures  designed  to  identify,  detain  or 
apprehend  terrorist  suspects.  The  current  system  of  immigration  controls  is  largely 
unchanged  over  the  past  century,  and  is  based  on  paper  documents  such  as 
passports  and  visas.  These  are  intended  to  verify  the  identity  of  the  bearer,  and  a 
photograph  is  the  verification  medium.  This  presents  a  material  weakness  in 
immigration  controls.  Only  two  components  are  required.  The  individual  possesses 
the  physical  passport,  and  the  photograph  is  a  reasonable  likeness  of  the  bearer.  In 
looking  for  ways  to  enter  the  United  States  or  other  areas  undetected,  terrorists  have 
not  been  blind  to  the  increase  in  identity  theft  in  the  United  States.  According  to  the 
Federal  Trade  Commission,  more  than  27  million  Americans  have  been  victims  of 
identity  theft  in  the  past  five  years,  with  9.9  million  cases  in  the  last  year  alone.  While 
most  identity  theft  has  been  in  the  arena  of  economic  crime,  an  increasing  number  of 
terrorists  are  turning  to  identity  theft  in  order  to  mask  their  movements  and  to  infiltrate 
potential  target  locations.  Zacharias  Moussaoui,  a  suspected  terrorist  in  the 
September  1 1 ,  2001  attack  on  the  World  Trade  Center,  and  Marwan  al-Shehhi,  a 
suspected  hijacker  believed  to  have  piloted  United  Airlines  Flight  175  into  the  south 
Trade  Center’s  tower,  are  both  suspected  to  have  received  money  from  Ramzi  bin 
Alshibh  using  the  stolen  identity  of  an  Arizona  doctor.®  By  posing  as  someone  else, 
Ramzi  bin  Alshibh  was  able  to  distance  himself  from  the  suspected  hijacking 
ringleader,  Mohamed  Atta,  who  he  had  shared  an  apartment  with  in  Hamburg, 

Germany  in  the  summer  of  2001.  The  real  Arizona  doctor,  Ahad  Sabet,  had  lost  his 
passport  on  vacation  a  few  years  ago  in  Spain,  when  he  was  robbed  on  the  street  and 
the  attackers  stole  his  fannypack.®  This  is  a  clear  case  that  demonstrated  that 
personal  information,  if  not  properly  safeguarded,  is  a  prime  source  for  terrorist  or 
criminal  gathering  and  illegal  use.  Also,  with  a  minimal  amount  of  effort,  public 
information  is  available  to  those  who  readily  seek  it,  which  can  lead  to  identity  theft 
and  other  nefarious  activities.  This  is  illustrated  by  the  previously  mentioned  Al  Qaeda 
Training  Manual; 


“Using  public  source  information  only  and  not  resorting  to  illegal  means,  it  is 
possible  to  gather  at  least  80%  of  information  about  the  enemy.” 

-Al  Qaeda  Training  Manual,  Dec  2001^ 

A  benefit  to  using  publicly  available  information  is  that  the  terrorist  significantly  reduces 
the  risk  of  detection  and  apprehension.  They  are  generally  using  legal  means  to  gain 
the  information,  and  have  not  committed  a  crime  at  that  point.  In  addition  to  the 
relatively  simple  technique  of  identity  theft,  terrorists  have  also  resorted  to  radical 
means  to  mask  their  identity  including  plastic  surgery.  Riduan  Isamuddin,  also  known 
as  Hambali,  was  the  alleged  architect  of  numerous  attacks  in  the  past  10  years, 
including  last  year's  Bali  bombing.  Until  his  recent  capture  in  Bangkok,  Thailand,  he 
had  been  masquerading  in  Malaysia  for  three  months  under  a  false  identity.  He  had 
entered  Thailand  under  a  false  passport,  and  according  to  a  Thai  police  general,  he  had 
shaved  his  beard,  trimmed  his  moustache  and  undergone  plastic  surgery  to  disguise 
himself.®  As  terrorists  become  more  sophisticated  in  their  techniques  to  avoid  capture, 
the  international  community  clearly  needs  a  more  secure  means  to  verify  a  person’s 
identity  than  papers  and  photos. 

PROTECTIVE  MEASURES  TO  INCREASE  INDIVIDUAL  IDENTITY  AND  ACCESS 
CONTROLS 

Administration  officials  as  well  as  private  sector  transportation  organizations  are 

growing  increasingly  concerned  about  the  threat  that  terrorists  pose.  Not  only  do  they 

pose  a  threat  to  the  country  once  inside,  the  September  11,  2001  airplane  attacks 

proved  that  they  also  pose  a  direct  threat  to  the  safety  of  airline  personnel, 

passengers,  and  aircraft.  Following  the  attacks  in  September,  2001 ,  Pierre  Jeanniot, 

the  head  of  the  International  Air  Transport  Association  (lATA),  called  for  more  stringent 

measures  for  airports  and  airlines,  including  the  use  of  biometrics.®  In  order  to  adopt 

an  effective  system  to  identify  potential  terrorists,  one  single,  standardized  system  of 

individual  identification  needs  to  be  adopted  universally  for  all  foreigners  seeking 
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entrance  to  the  United  States.  Coupling  this  with  an  international  criminal  and  terrorist 
database  which  is  capable  of  data  mining  information  concerning  past  travel,  current 
itineraries,  criminal  background  and  terrorist  associations,  law  enforcement  activities 
would  have  a  very  powerful  tool  in  putting  a  name  and  a  face  to  the  potential  terrorist. 
This  system  must  be  secure,  reliable  and  accessible,  while  safeguarding  the  privacy  of 
the  bearer. 

In  simple  identity  theft,  the  perpetrator  steals  information  such  as  a  credit  card 
number  or  social  security  number  and  uses  it  as  though  they  were  the  valid  holder.  By 
possessing  this  private  piece  of  information,  they  are  able  to  establish  to  a  certain 
degree  that  they  are  who  they  claim  to  be.  The  thought  process  is  that  if  they  have 
this  information,  they  are  likely  the  valid  holder.  The  same  concept  is  used  by  banks 
and  other  institutions  to  verify  over  the  phone  a  mother’s  maiden  name,  date  of  birth, 
mailing  address,  phone  number,  etc.  If  an  idividual  has  access  to  this  privileged 
information,  they  are  likely  to  be  who  they  say  they  are.  A  more  complex  identity 
theft  is  to  steal  source  documents  such  as  birth  certificates  or  passports,  which 
criminals  in  turn  use  to  obtain  other  credentials  in  the  valid  owner's  name.  The 
credential-issuing  agency  may  only  require  a  single  document  or  element  of  sensitive 
personal  information  that  establishes  the  identity  of  the  holder.  By  presenting  false 
identity  documentation,  they  are  able  to  obtain  a  second  generation  document  such  as 
a  driver's  license  that  combines  the  stolen  identity  information  with  their  own 
photograph,  fingerprint  or  other  unique  identifiable  characteristic.  These  single  source 
verification  methods  only  provide  weak  security  in  establishing  the  identity  of  the 
holder.  A  digital  identification  system,  that  goes  beyond  simple  single  document 
verification,  is  the  best  candidate  to  confirm  individual  identity  through  the  use  of 
unique  individual  characteristics,  or  “biometrics.” 

BIOMETRICS  DEFINED 

Biometrics  are  those  unique,  measurable  characteristics  or  traits  that  each 
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human  being  possesses  that  can  be  used  to  automatically  recognize  them  or  verify 
their  identity.  Biometrics  are  seen  as  especially  "unique"  identifiers,  as  they  are 
incapable  of  being  lost,  changed,  or  forgotten.  Just  as  fingerprints  are  unique  to  each 
individual,  there  are  many  other  measurable  facets  that  can  also  be  used,  and  are  very 
difficult,  if  not  impossible,  to  fake.  By  combining  a  system  that  can  compare  the 
biometric  input  to  an  identity  database,  immigration  officials  would  have  an 
exponentially  improved  method  of  verifying  an  individual's  identity. 

TECHNICAL  ISSUES  AND  COMPLEX  OBSTACLES  TO  OVERCOME 

The  biggest  weakness  that  I  see  in  establishing  an  automated  identity 
verification  system  is  the  initial  identity  verification  of  an  individual.  If  a  weak 
identification  method  such  as  birth  certificate  or  social  security  card  is  used,  an 
individual  will  be  able  to  establish  a  false  identity  which  is  entered  into  the  system 
along  with  their  biometric  template,  which  they  will  be  able  to  use  repeatedly  if  not 
detected  through  other  means.  Initial  identity  verification  may  require  more  intrusive 
testing  such  as  blood  tests,  DNA  analysis,  or  other  means  to  firmly  establish  identity. 
Once  the  identity  is  established,  it  remains  permanently  linked  to  the  initial  biometric 
template  taken  upon  enrollment  into  the  system,  and  becomes  the  fused  baseline  for 
that  particular  individual. 

In  order  for  a  biometric  identification  system  to  be  feasible,  it  must  be  fast, 
reliable,  compact,  deployable,  and  potentially  able  to  share  information  in  real  time 
over  long  distances.  If  the  system  is  reliant  on  network  or  communication  system 
connectivity,  and  is  slow  or  off-line,  it  would  have  devastating  effects  on  international 
travel.  If  even  one  percent  of  all  readings  were  false  positives,  millions  of  people  would 
be  unnecessarily  detained  each  year.  Accuracy  is  critical,  and  poses  the  greatest 
technical  obstacle. 

A  common  misconception  of  biometric  measures  is  that  the  readings  are 
always  exactly  the  same.  This  is  simply  not  the  case.  A  fingerprint  scanner,  for 


example,  captures  an  image  of  the  entire  fingerprint  as  it  is  applied  to  the  device,  but 
only  certain  unique  aspects  of  the  fingerprint  are  digitally  mapped  for  comparison.  The 
angle  and  pitch  that  the  finger  is  placed  on  the  scanner,  the  amount  of  pressure 
applied,  the  moisture,  body  oil,  skin  condition,  even  the  time  of  day,  all  cause  minute 
factors  which  will  vary  slightly  each  time  a  reading  is  taken.  The  biometric  templates 
vary  with  each  biometric  placement  or  recording:  the  same  finger,  placed  over  and  over 
again,  generates  a  slightly  different  pattern  each  time.  As  this  data  is  digitized,  it 
leads  to  a  different  string  of  numbers  (i.e.  a  template).  The  master  biometric  template 
used  to  identify  the  individual  must  be  able  to  take  these  variances  into  account  while 
maintaining  a  very  high  accuracy  level.  By  establishing  a  number  of  “anchor  points” 
from  a  master  template,  a  computer  analysis  is  used  to  identify  common 
characteristics  and  patterns  to  verify  a  match.  Without  a  matching  algorithm  to  make 
sense  of  a  user's  enrollment  and  verification  templates,  the  small  differences  at  each 
reading  would  make  them  appear  as  a  mismatch,  or  unrelated. Therefore,  a 
verification  template  that  takes  into  account  these  minor  variations  is  necessary  to 
have  a  high  degree  of  probability  of  identity  verification.  The  objective  is  to  have  an 
extremely  accurate  system  with  a  very  high  match  rate  and  low  error  rate.  These 
parameters  are  defined  as  “False  Acceptance  Rates”  and  “False  Rejection  Rates.”" 
The  False  Acceptance  Rate  is  the  rate  at  which  the  system  erroneously  allows  an 
imposter  to  be  accepted  by  the  system.  The  False  Rejection  Rate  is  the  rate  at  which 
a  genuine  user  is  rejected  by  the  system.  The  optimum  is  somewhere  between  the 
two  extremes  where  these  rates  cross.  In  other  words,  to  achieve  the  best 
acceptance  rate  of  valid  users  with  the  least  number  of  false  rejections.  Common 
rates  at  this  cross-over  point  for  most  biometric  systems  is  in  the  0.1%  range.  These 
individuals  would  require  additional  scrutiny  to  positively  verify  their  identity. 

BIOMETRIC  SYSTEMS 

I  will  consider  the  advantages  and  disadvantages  of  several  systems  that  add 


the  assurance  of  identity  verification  to  ensure  the  individuai  is  who  they  say  they  are. 
The  steps  in  biometric  identity  verification  as  part  of  access  security  boii  down  to  either 
identifying  an  individuai  remoteiy  to  determine  who  they  are,  or  using  direct  individuai 
interface  reader  technoiogy  to  confirm  or  deny  that  they  are  who  they  ciaim  to  be. 
Remote  methods  such  as  faciai  recognition  do  not  reiy  on  interaction  with  the 
individuai,  and  can  be  used  with  or  without  their  knowiedge  or  consent.  Other  methods 
such  as  fingerprint  scanning  reiy  on  interaction  with  the  individuai  and  often  some 
action  on  their  part  to  compiy.  First,  Hi  iook  at  those  systems  that  seek  to  verify  an 
identity  ciaim,  then  iook  at  more  remote  systems  to  identify  individuais  with  or  without 
their  knowiedge  or  input. 

FINGERPRINT  VERIFICATION. 

The  use  of  fingerprints  to  estabiish  an  individuai’s  identity  has  been  the  most 
commoniy  used  of  aii  biometric  measures.  To  incorporate  this  into  an  identity 
verification  system,  it  wouid  invoive  the  use  of  an  opticai  scanner.  The  subject  pieces 
a  specified  finger  or  thumb  on  the  scanner,  and  it  scans  a  digitai  image  of  the 
fingerprint  or  thumbprint.  Technoiogy  varies  wideiy,  but  most  fingerprint  scanning 
systems  create  a  map  of  the  fingerprint’s  minutiae,  or  unique  characteristics  such  as 
the  distance  between  swiris,  patterns,  common  points  of  reference  or  fringe  patterns. 
Some  devices  can  detect  if  a  iive  finger  is  present,  others  cannot.  These  systems  are 
generaiiy  accurate  if  users  are  discipiined  properiy  in  appiying  the  finger  to  the  reading 
device.  These  are  reiativeiy  iow  cost,  smaii  in  size,  and  can  be  integrated  into  PC 
driven  systems  very  easiiy.  There  are  drawbacks  to  this  method.  It  requires  a  finger  to 
be  appiied  to  a  scanner.  What  if  the  individuai’s  finger  is  missing,  aitered,  injured  or 
otherwise  changed  from  the  originai  image  capture?  Aiso,  it  invoives  the  compiiance  of 
the  individuai  and  the  individuai  reaiization  that  they  are  being  scanned.  There  is  aiso 
a  hygienic  concern  about  the  transfer  of  disease  or  infection  with  the  iarge  voiume  of 
individuais  touching  the  same  scanner.  Whiie  there  are  some  drawbacks,  this  is 


currently  the  most  common  biometric  method  in  use.  Canadian  customs  use  a 
system  called  CANPASS,  which  scans  truckdriver’s  fingerprints  to  allow  their  passage 
across  the  U.S.  Canadian  border. 

HAND  SCANNER 

This  method  is  similar  to  the  fingerprint  scanner,  but  it  uses  an  algorithm  based 
on  hand  geometry.  This  measures  the  physical  characteristics  of  the  user’s  hand  and 
fingers.  Methods  differ  in  hand  scanners,  such  as  reading  unique  hand  characteristics 
from  a  three-dimensional  perspective.  Other  scanners  measure  the  creases  on  the 
palm,  while  another  specializes  in  analyzing  the  veins,  arteries  and  fatty  tissues  on  the 
hand.'®  This  requires  less  precision  in  hand  placement  on  the  scanner  than  the 
fingerprint  scanner,  and  would  be  a  good  choice  for  untrained  users  such  as  airline 
passengers.  This  has  the  same  potential  disadvantages  as  the  fingerprint  scanner,  but 
using  a  scanner  that  scans  in  three  dimensions  without  needing  the  subject  to  touch  it 
could  alleviate  the  hygienic  concern.  The  U.S.  Federal  Bureau  of  Prisons  is  using  this 
biometric  measure  for  the  access  control  of  prisoners  to  cafeterias,  hospitals  and 
recreational  lounges.'^  The  master  template,  first  scanned  when  they  enter  the  prison 
population,  is  stored  in  a  prisoner  biometric  database.  This  database  provides  the 
comparison  against  the  master  template  when  a  prisoner  uses  a  hand  scanner.  If  the 
hand  presented  to  the  scanner  matches  the  master  template,  access  is  granted. 

Also,  information  about  the  transaction  can  be  stored  as  an  audit  trail  for  prisoner 
tracking  purposes  if  necessary.'® 

EYE  SCAN 

There  are  two  primary  methods  being  developed  that  relate  to  the  eye,  the  retinal  scan 
and  the  iris  scan.  The  Retinal  Scanner  involves  the  use  of  a  low-level  infrared  light 
source  with  an  optical  coupler  that  scans  the  eye  retina. '®  It  maps  the  image  of  the 
retina,  including  the  pattern  of  blood  vessels  in  the  eye.  This  data  is  digitized,  and 


mapped  much  like  the  fingerprint  scanner.  This  system  is  very  accurate,  but  requires 
the  individual  to  look  into  the  scanner  and  focus  on  a  given  point.  This  process  can  be 
complicated  by  glasses  or  sunglasses,  and  individuals  who  are  blind,  have  cataracts, 
are  unable  or  unwilling  to  open  their  eye,  all  pose  problems  for  this  technique.  The  low- 
level  infrared  beam  that  is  transmitted  into  the  eye  causes  a  degree  of  user  unrest  at 
this  invasive  process,  and  many  fear  eye  damage  as  a  result.  This  lack  of  public 
acceptance  is  a  serious  hindrance  to  this  otherwise  effective  method.  The  retinal 
scan  provides  roughly  the  same  volume  of  data  and  accuracy  as  the  fingerprint 
scanning  technique.  The  other  optical  scanning  method  is  the  Iris  Scanner,  which 
uses  conventional  camera  technology  to  measure  and  map  the  iris  of  the  eye.  This 
technique  was  pioneered  in  England  in  the  mid-90’s,  and  uses  the  unique  pattern  of 
the  colored  ring  surrounding  the  pupil  of  the  eye  (Iris).  This  accurate  method  performs 
better  than  the  retinal  scan  on  an  individual  wearing  glasses.  It  is  also  non-invasive,  in 
that  it  takes  a  picture  of  the  iris  rather  than  projecting  a  beam  into  the  eye  as  with  the 
retinal  scan.^°  The  Iris  scan  is  considered  by  many  experts  to  be  the  most  accurate 
of  all  the  biometric  technologies.  EyeTicket,  an  American  company  that  produces  iris 
scanners,  claims  that  it  reads  266  different  characteristics  (data  points  or  anchor 
points)  as  opposed  to  fingerprint  technology,  which  reads  about  90.  Also,  the  iris  does 
not  change  in  an  individual  after  they  are  one  year  old,  so  a  master  template  taken 
early  in  life  will  remain  valid  for  a  lifetime.  EyeTicket  has  run  pilot  programs  at 
airports  in  Charlotte,  NC  and  Frankfurt,  Germany.  It  was  also  used  to  verify  the 
identity  of  airport  crews  and  staff  in  Sydney  Australia  during  the  2000  Olympics. 

DNA/BODY  FLUID  ANALYSIS.  As  anyone  who  has  seen  a  recent  crime  drama 
knows,  body  fluids  and  DNA  are  a  very  good  way  to  verify  individual  identity.  However, 
due  to  the  legal  limitations  on  gathering  samples,  the  lengthy  testing  period, 
complexity  and  cost,  it  is  not  a  viable  alternative  for  use  as  part  of  the  immigration 
control  process. 


VOICE  RECOGNITION. 

Through  the  use  of  speech  pattern  analysis,  voice  recognition  systems  have 
generally  been  adopted  to  technology  involving  telephone  systems.^  These  are 
affected  by  differences  in  communication  systems,  background  noise,  and  require  the 
individual  to  speak  into  a  microphone  to  accomplish  the  analysis.  The  biometric 
template  for  this  method  is  based  on  a  master  voice  template,  which  is  composed  by 
speaking  a  phrase,  or  sentence  multiple  times.  This  is  used  to  establish  a  voice 
template  of  the  specific  timing  of  speech,  frequencies,  timbre,  and  tone.  This  method 
is  considered  by  many  to  be  the  weakest  biometric  method  currently  under  study.  It 
has  trouble  compensating  for  the  differing  behavior  of  the  subject  while  rendering  a 
sample,  and  is  affected  by  sickness,  drugs  and  emotions  of  the  test  subject.  Also,  an 
individual  unable  or  unwilling  to  speak  could  not  be  verified  using  this  technology. 

SIGNATURE  VERIFICATION 

11 

This  method  involves  the  use  of  scanning  technology  to  verify  an  individual's 
signature.^  Most  systems  use  a  stylus  and  input  screen  which  require  the  individual 
to  sign  their  name  on  the  input  screen.  The  scanner  digitizes  the  signature  and 
compares  it  to  a  signature  on  file.  This  method  has  more  public  acceptance  than 
others  in  that  individuals  routinely  sign  their  name,  and  this  is  a  commonly  accepted 
form  of  proving  their  identity.  This  is  a  fairly  accurate  medium,  although  not  currently 
in  widespread  use. 


FACE  RECOGNITION. 

This  technique  uses  camera  technology  to  scan  faces.  The  scanned  facial 
image  is  then  digitized,  and  compared  to  a  database  that  is  based  on  facial 
proportions  and  distances  between  facial  features.^'^  By  measuring  the  peaks  and 


valleys  of  the  face,  such  as  the  very  tip  of  the  nose  In  relation  to  the  depth,  angle  and 
distance  to  the  eye  sockets,  nodal  points  are  mapped  and  stored.  Most  systems  use 
about  80  nodal  points,  with  14  to  22  matches  needed  to  Identity  verification.^® 
Advances  In  this  technology  have  developed  quickly,  although  there  Is  a  relatively  high 
error  rate.  Acsys  Biometric  Systems,  a  leader  In  facial  recognition,  reports  their  best 
system  has  only  a  3.1%  error  rate.^  This  seemingly  small  error  rate  would  be  very 
significant  given  the  huge  volume  of  dally  travelers  who  cross  our  borders.  Other 
limitations  of  the  system  Include  the  need  for  Ideal  lighting  conditions  and  facial  angle, 
which  have  a  significant  Impact  on  accuracy.  Much  work  Is  being  done  to  develop 
adaptive  computer  software  that  can  adjust  for  different  lighting  and  angles,  but  this 
method  still  falls  far  behind  other  techniques  In  accuracy.  This  Is  one  of  the  few 
technologies  that  can  be  used  without  the  subject’s  knowledge  and  can  operate  from  a 
distance.  For  this  reason,  law  enforcement  activities  and  some  private  Industries  have 
embraced  It.  Over  100  gambling  casinos  In  the  United  States  use  this  technique  to 
locate  and  Identify  known  card  sharks,  card  counters  and  criminals  whose  Images  are 
stored  on  a  shared  database.  Because  the  system  measures  geometric  aspects  of 
the  face.  It  has  proven  to  remain  fairly  accurate  for  Individuals  wearing  a  disguise  or 
who  have  undergone  minor  plastic  surgery  to  change  their  appearance. 

The  facial  recognition  system  also  presents  a  privacy  concern  In  the  minds  of 
many  Individuals.  By  remotely  scanning  without  an  Individual's  knowledge,  there  Is  no 
specific  consent  given  or  needed  to  accomplish  Identification.  The  other  systems 
Involve  the  subject  doing  something,  such  as  touching  a  scanner,  which  provides  an 
Implied  consent,  as  they  are  cooperating  with  the  process.  The  anonymous  nature  of 
the  facial  recognition  system  that  makes  It  appealing  to  law  enforcement  Is  the  same 
aspect  that  cause  privacy  advocates  to  oppose  It. 


SMART  CARD 


The  “smart  card”  is  not  a  biometric  measure,  but  is  used  in  partnership  with  one 
of  the  biometric  systems.  It  is  commoniy  understood  to  be  a  card  that  has  the  abiiity 
to  store  data,  usuaiiy  through  a  smaii  computer  chip  embedded  in  the  card.  A  smart 
identification  card  can  contain  personai  information  beionging  to  the  bearer  such  as 
biood  type,  home  address,  etc.  Given  the  increased  storage  capacity  of  microchips 
and  technoiogicai  advances  in  miniaturization  and  data  storage,  the  use  of  a  smart 
identity  card  can  aiso  be  used  as  an  identity  verification  device  in  conjunction  with  a 
biometric  measure  as  described  above.  A  smart  card  system  has  the  capabiiity  to 
add  additionai  iayers  of  identity  verification.  In  addition  to  verifying  what  the  individuai 
has  (birth  certificate,  passport,  credit  card)  and  what  they  know  (sensitive  personai 
information,  account  numbers,  passwords),  the  system  can  add  a  much  stronger  iayer 
through  the  use  of  biometrics,  with  the  personai,  physicai  (biometric)  information 
embedded  on  the  card  itseif.  The  data  storage  mediums  on  the  smart  card  vary. 

These  may  be  printed  data  (weakest)  to  bar  code,  magnetic  strip,  hoiograph,  or 
embedded  data  chip.  By  embedding  a  measurabie  physicai  characteristic  (biometric) 
on  a  card  in  possession  of  the  bearer  (token  device)  a  powerfui  iink  is  estabiished  to 
verify  identity.  This  process  invoives  the  identification  of  physicai  characteristics 
matched  against  other  known  information  to  positiveiy  identify  that  the  person 
presenting  a  smart  card  is  the  same  indivitftjai  whose  identity  is  matched  to  that  card. 
As  an  additionai  iayer  of  security,  the  chip  on  the  card  can  contain  an  encryption 
aigorithm,  which  encodes  the  biometric  tempiate.  Once  the  encrypted  card  is 
scanned  by  a  smart  card  reader,  the  aigorithm  wouid  be  matched  to  a  decryption  key, 
making  the  data  readabie  in  matching  the  card  sampie  against  the  biometric  being 
presented.  This  means  that  an  individuai’s  personai  biometric  profiie  wouid  be  safe 
from  identify  theft  if  the  card  were  iost  or  stoien.  The  data  wouid  be  uninteiiigibie  to  a 
thief  without  the  key  to  the  encryption.  This  appiication  strengthens  the  abiiity  of  the 
system  to  protect  individuai  privacy  and  secure  personai  information  at  the  same 
time.^® 


One  additional  component  which  can  be  embedded  in  the  smart  card  promises 
additional  security  to  track  both  passengers  and  baggage.  A  small  radio-frequency 
(RF)  tag  can  be  imbedded  in  the  smart  card  or  baggage  tags,  which  can  be  read  by 
sensors  when  the  RF  tag  comes  into  the  physical  proximity  of  the  reader.  This  would 
allow  tracking  of  passengers  and  baggage  within  airports,  as  well  as  providing  an  initial 
identity  indication  when  a  passenger  approaches  a  check-in  point.  For  example,  as 
passenger  John  Smith  approached  a  smart  check-in  terminal,  he  would  pass  in  near 
proximity  to  an  RF  reader,  possibly  imbedded  in  an  archway  or  stanchion.  This  reader 
would  interrogate  the  RF  chip  on  his  smart  card.  In  response  to  the  query,  the  reader 
identifies  from  the  RF  tag  that  the  smart  card  belongs  to  John  Smith.  As  Mr.  Smith 
reaches  the  check  in  point,  he  is  greeted  by-name,  with  reservation  and  flight 
information  immediately  available  to  confirm  his  itinerary.  He  is  asked  to  present  his 
smart  card,  which  is  inserted  into  a  card  reader.  He  is  then  asked  to  submit  a 
biometric  sample  (eye  scan,  fingerprint,  etc.).  Simultaneously,  the  biometric  algorithm 
(which  is  contained  on  the  data  chip  of  his  smart  card)  is  applied  to  the  decryption 
key,  and  Mr.  Smith’s  biometric  template  is  matched  to  verify  that  the  template 
contained  on  the  card  matches  the  sample  that  is  now  being  taken.  In  other  words, 
the  John  Smith  whose  data  is  on  the  card  is  the  John  Smith  now  giving  the  sample  at 
the  check  in  point.  This  process  would  speed  both  initial  check-in  and  subsequent 
passenger  processing.  Once  his  initial  identity  verification  has  been  accomplished, 
John  Smith  would  pass  into  a  passenger-only  area,  and  his  bags,  also  containing  RF 
tags,  would  start  the  loading  process.  By^i^acing  RF  sensors  or  gateways  at  different 
points  throughout  the  airport,  the  passenger/baggage  tracking  system  could  track  the 
location  of  John  Smith  and  his  bags.  Upon  arrival  at  the  boarding  gate,  an  RF  sensor 
could  verify  Mr.  Smith’s  boarding  of  the  plane  without  additional  paperwork  or 
passenger  checking.  It  could  also  verify  that  both  John  Smith  and  his  bags  are  on  the 
aircraft  prior  to  departure.  A  significant  advantage  of  the  smart  card  with  biometric 
data  is  that  verification  can  be  done  locally.  That  is,  the  card  reading  device  can 


decrypt  the  biometric  and  match  it  against  the  biometric  sampie  being  given  without 
having  to  access  a  network  or  master  database.  This  wouid  be  much  faster  than  a 
networked  system,  and  not  subject  to  system  down  time,  overioad,  etc.^  This 
process  wouid  aiso  have  the  added  benefit  of  speeding  passenger  processing  and 
requiring  iess  physicai  interaction  with  muitipie  ticket  agents. 


DATABASES 

A  key  component  to  making  personai  identity  verification  is  the  use  of 
databases  that  contain  personai  information  about  individuais.  There  are  fairiy 
widespread  concerns  about  respecting  the  privacy  of  individuais,  and  there  are  iegai 
iimitations  on  what  information  can  be  stored  and  used.  The  best  use  of  database 
technoiogy  wouid  be  a  comprehensive  database,  containing  key  information  about 
everyone,  which  couid  be  accessed  or  mined  in  an  effort  to  detect  terrorists  attempting 
entry  into  the  United  States.  This,  however,  is  very  impracticai.  The  number  of 
records  wouid  be  astronomicai,  and  the  database  impossibie  to  assembie  and 
maintain.  Aiso,  it  wouid  contain  information  about  private  citizens  who  are  not 
suspected  of  wrongdoing.  In  1967,  Aian  Westin  defined  privacy  as  “the  ciaim  of 
individuais,  groups  or  institutions  to  determine  for  themseives  when,  how  and  to  what 
extent  information  about  them  is  communicated  to  others.”  Aside  from  the  ethicai 
issue  of  maintaining  detaiied  records  about  innocent  citizens,  iaws  prevent  much  of  it. 
The  Privacy  Act  of  1974  protects  citizens  from  the  unauthorized  disciosure  or  use  of 
their  sociai  security  number,  whiie  the  Computer  Fraud  and  Abuse  Act  restricts  cross 
matching  of  federai  databases  to  trianguiate  identity  information.^”  The  Department  of 
Defense  was  forced  to  do  away  with  the  Tpjai  Information  Awareness  Program 
(designed  to  data  mine  personai  information  for  terrorist  activities)  because  it  coiiected 
information  about  U.S.  citizens.  The  Department  of  Defense  is  prohibited  from 
monitoring  the  private  activity  of  U.S.  citizens  by  privacy  iaws  and  is  aiso  barred  from 


operating  as  part  of  domestic  law  enforcement  operations.^^ 

Two  of  the  major  privacy  concerns  among  opponents  of  biometrics  are 
unauthorized  use  and  unauthorized  disclosure.  Unauthorized  use  is  the  use  of  the 
information  for  a  purpose  other  than  which  it  was  intended.  Unauthorized  disclosure  is 
the  widespread  sharing  or  distribution  of  this  personal  information  without  consent  (also 
possibly  for  uses  other  than  the  originally  intended  purpose  of  personal  identification). 
There  are  opposing  forces  at  work  in  the  scope  of  information  sharing.  To  those  in  the 
privacy  extreme,  this  information  should  not  be  stored  on  any  database  or  archive.  To 
the  other  extreme,  law  enforcement,  immigration,  and  anti-terrorist  officials  would  argue 
that  the  more  this  information  is  collected  and  shared  between  governmental  agencies, 
the  better  they  can  cooperate  in  the  identification,  detention  and  apprehension  of 
potential  criminals  or  terrorist  suspects.  Due  to  the  many  practical  and  legal 
limitations  of  a  comprehensive  database,  the  scope  should  be  narrowed  to  a  database 
of  known  or  suspected  terrorists  who  are  not  U.S.  citizens.  Depending  upon  the 
technology  being  used,  part  of  this  database  may  contain  biometric  information  to 
assist  in  identity  verification.  This  biometric  information  is,  in  fact,  personal 
information,  and  should  be  subject  to  the  same  safeguards  as  other  sensitive 
information  such  as  hospital  and  financial  records.^^ 

CONCLUSION 

To  counter  privacy  concerns  while  providing  the  most  effective  personal  identification 
system,  I  recommend  the  adoption  of  the  Iris  Recognition  biometric  with  microchip 
smart  card  technology  as  the  primary  means  of  personal  identification.  This  is  the 
easiest,  most  accurate  and  fastest  method  of  biometric  measurement.  A  fingerprint 
biometric  should  be  used  as  a  backup  for  those  limited  individuals  who  cannot  render  a 
readable  Iris  scan.  The  biometric  information  should  be  encrypted  and  stored  on  the 
smart  card,  but  not  maintained  on  a  central  database.  The  only  database  checks  that 
should  be  accomplished  are  those  to  che(i^  for  known  criminals  or  suspected  terrorists 


who  are  not  U.S.  citizens.  This  wouid  provide  an  enhanced  abiiity  to  identify  nefarious 
individuais  without  running  into  significant  iegai  roadbiocks  with  U.S.  citizens,  and 
individuais  not  suspected  of  wrongdoing.  This  compromise  wouid  stiii  aiiow  scrutiny  of 
the  iargest  threat  popuiation.  Aiso,  the  State  Department  shouid  require  individuais  to 
verify  their  identity,  record  a  master  biometric,  and  be  issued  a  smart  travei  card  as  a 
condition  for  issue  of  U.S.  visas  to  foreigners.  Compiiance  wouid  be  voiuntary,  but  a 
condition  for  entry  to  the  U.S.  The  cost  of  program  administration  and  smart  card 
production  shouid  be  borne  by  the  appiicant  as  part  of  Visa  appiication  fees.  The 
Internationai  Air  Transport  Association,  which  now  represents  neariy  280  airiines,  has 
formed  a  working  group  consisting  of  members  from  airiines,  airports,  government 
agencies  and  commerciai  vendors,  to  further  a  biometric  soiution  to  passenger 
controis.^^  Progress  is  ongoing,  and  agreements  on  format  and  architecture  between 
governmentai  organizations  are  being  worked  out.  Hopefuiiy,  this  recommendation  wiii 
become  a  reaiity  within  the  next  four  to  six  years.  It  is  true  that  we  sacrifice  a  degree 
of  privacy  and  anonymity  to  preserve  the  iiberty  of  our  nation  and  protect  its  citizens 
from  those  who  wouid  do  us  harm.  This  is  a  smaii  price  to  pay  in  order  to  secure 
increased  security,  improved  immigration  controis  and  a  safer  traveiing  environment  for 
aii. 
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